Raising Cybersecurity Awareness Among Departmental Employees: Implementation of Trend Micro’s Phish Insight Tool
摘要
Cybersecurity threats pose significant global risks, amplified by increased digital reliance, yet human error remains the most significant vulnerability, frequently stemming from insufficient employee risk awareness. Phishing attacks, which exploit human psychology, exemplify this, contributing to 95% of successful cyber-attacks by deceiving employees into revealing sensitive information. This study investigated the efficacy of a phased intervention strategy utilizing Trend Micro’s Phish Insight tool to enhance cybersecurity awareness among employees. Our methodology comprised two phases: Phase 1 involved foundational cybersecurity training for 3,600 employees through the “Security Essentials” module, establishing basic comprehension of phishing and cyber threats. Phase 2 subsequently introduced a simulated Business Email Compromise attack to assess employee resilience. Data from the 2,576 employees who completed training revealed that 73.9% (1,904 users) completely avoided interaction with the phishing emails, demonstrating high awareness. However, 23.5% (606 users) clicked the links but did not provide credentials, indicating partial threat recognition, and 2.6% (66 users) entered their credentials, signifying persistent vulnerabilities. These findings underscore the critical importance of effective training tools in mitigating human error and bolstering organizational security, while simultaneously highlighting the continuous necessity for awareness reinforcement and refined training approaches to address residual risks.